Fix merge conflicts

Due to the complicated merge, part of the new functionalilty is inserted here

Fix merge conflicts
Due to the complicated merge, part of the new functionalilty is inserted here
c1865b69 · Jan-Willem van der Meer · 4ace6dbf · c1865b69 · c1865b69 · c1865b69
Commit c1865b69 authored Oct 14, 2014 by Jan-Willem van der Meer
4 changed files
--- a/lib/api/ldap.rb
+++ b/lib/api/ldap.rb
@@ -10,7 +10,10 @@ module API
      # Example Request:
      #  GET /ldap/groups
      get 'groups' do
-        @groups = Gitlab::LDAP::Adapter.new.groups("#{params[:search]}*", 20)
+        # NOTE: this should be deprecated in favour of /ldap/PROVIDER_NAME/groups
+        # for now we just select the first LDAP server
+        provider = Gitlab::LDAP::Config.servers.first['provider_name']
+        @groups = Gitlab::LDAP::Adapter.new(provider).groups("#{params[:search]}*", 20)
        present @groups, with: Entities::LdapGroup
      end
    end

--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
 # LDAP authorization model
 #
 # * Check if we are allowed access (not blocked)
+# * Update authorizations and associations
 #
 module Gitlab
  module LDAP
    class Access
-      attr_reader :adapter, :provider, :user
+      attr_reader :adapter, :provider, :user, :ldap_user
      def self.open(user, &block)
        Gitlab::LDAP::Adapter.open(user.provider) do |adapter|
@@ -14,7 +15,7 @@ module Gitlab
      end
      def self.allowed?(user)
-        self.open do |access|
+        self.open(user) do |access|
          if access.allowed?
            access.update_permissions
            access.update_email
@@ -52,31 +53,28 @@ module Gitlab
        Gitlab::LDAP::Config.new(provider)
      end
-      def get_ldap_user(user)
+      def ldap_user
-        @ldap_user ||= Gitlab::LDAP::Person.find_by_dn(user.extern_uid)
+        @ldap_user ||= Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
      end
-      def update_permissions(user)
+      def update_permissions
-        if Gitlab.config.ldap['sync_ssh_keys']
+        if sync_ssh_keys?
-          update_ssh_keys(user)
+          update_ssh_keys
        end
        # Skip updating group permissions
        # if instance does not use group_base setting
-        return true unless Gitlab.config.ldap['group_base'].present?
+        return true unless group_base.present?
-        update_ldap_group_links(user)
+        update_ldap_group_links
-        if Gitlab.config.ldap['admin_group'].present?
+        if admin_group.present?
-          update_admin_status(user)
+          update_admin_status
        end
      end
      # Update user ssh keys if they changed in LDAP
-      def update_ssh_keys(user)
+      def update_ssh_keys
-        # Get LDAP user entry
-        ldap_user = get_ldap_user(user)
        user.keys.ldap.where.not(key: ldap_user.ssh_keys).each do |deleted_key|
          Rails.logger.info "#{self.class.name}: removing LDAP SSH key #{deleted_key.key} from #{user.name} (#{user.id})"
          unless deleted_key.destroy
@@ -86,7 +84,7 @@ module Gitlab
        (ldap_user.ssh_keys - user.keys.ldap.pluck(:key)).each do |key|
          Rails.logger.info "#{self.class.name}: adding LDAP SSH key #{key.inspect} to #{user.name} (#{user.id})"
-          new_key = LDAPKey.new(title: "LDAP - #{Gitlab.config.ldap['sync_ssh_keys']}", key: key)
+          new_key = LDAPKey.new(title: "LDAP - #{ldap_config.sync_ssh_keys}", key: key)
          new_key.user = user
          unless new_key.save
            Rails.logger.error "#{self.class.name}: failed to add LDAP SSH key #{key.inspect} to #{user.name} (#{user.id})\n"\
@@ -96,16 +94,12 @@ module Gitlab
      end
      # Update user email if it changed in LDAP
-      def update_email(user)
+      def update_email
-        uid = user.extern_uid
+        if ldap_user.try(:email)
-        ldap_user = get_ldap_user(user)
-        gitlab_user = ::User.where(provider: 'ldap', extern_uid: uid).last
-        if gitlab_user && ldap_user && ldap_user.email
          ldap_email = ldap_user.email.last.to_s.downcase
-          if (gitlab_user.email != ldap_email)
+          if (user.email != ldap_email)
-            gitlab_user.update(email: ldap_email)
+            user.update(email: ldap_email)
          else
            false
          end
@@ -114,8 +108,8 @@ module Gitlab
        end
      end
-      def update_admin_status(user)
+      def update_admin_status
-        admin_group = Gitlab::LDAP::Group.find_by_cn(Gitlab.config.ldap['admin_group'], adapter)
+        admin_group = Gitlab::LDAP::Group.find_by_cn(ldap_config.admin_group, adapter)
        if admin_group.has_member?(Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter))
          unless user.admin?
            user.admin = true
@@ -130,9 +124,9 @@ module Gitlab
      end
      # Loop throug all ldap conneted groups, and update the users link with it
-      def update_ldap_group_links(user)
+      def update_ldap_group_links
        gitlab_groups_with_ldap_link.each do |group|
-          active_group_links = group.ldap_group_links.where(cn: cns_with_access(get_ldap_user(user)))
+          active_group_links = group.ldap_group_links.where(cn: cns_with_access)
          if active_group_links.any?
            group.add_users([user.id], fetch_group_access(group, user, active_group_links))
@@ -149,12 +143,24 @@ module Gitlab
      end
      # returns a collection of cn strings to which the user has access
-      def cns_with_access(ldap_user)
+      def cns_with_access
        @ldap_groups_with_access ||= ldap_groups.select do |ldap_group|
          ldap_group.has_member?(ldap_user)
        end.map(&:cn)
      end
+      def sync_ssh_keys?
+        ldap_config.sync_ssh_keys?
+      end
+      def group_base
+        ldap_config.group_base
+      end
+      def admin_group
+        ldap_config.admin_group
+      end
      private
      def gitlab_groups_with_ldap_link
        ::Group.includes(:ldap_group_links).references(:ldap_group_links).

--- a/lib/gitlab/ldap/person.rb
+++ b/lib/gitlab/ldap/person.rb
@@ -47,9 +47,8 @@ module Gitlab
      end
      def ssh_keys
-        ssh_keys_attribute = Gitlab.config.ldap['sync_ssh_keys'].to_sym
+        if config.sync_ssh_keys? && entry.respond_to?(config.sync_ssh_keys)
-        if entry.respond_to?(ssh_keys_attribute)
+          entry[config.sync_ssh_keys.to_sym]
-          entry[ssh_keys_attribute]
        else
          []
        end

--- a/spec/lib/gitlab/ldap/access_spec.rb
+++ b/spec/lib/gitlab/ldap/access_spec.rb